[newlib-cygwin] Cygwin: Fix cygheap corruption caused by cloned atomic buffer

Corinna Vinschen corinna@sourceware.org
Mon Oct 29 09:09:00 GMT 2018


https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=af85fdd73f6ac87e02ee2872e415e7e89d7111f4

commit af85fdd73f6ac87e02ee2872e415e7e89d7111f4
Author: David McFarland <corngood@gmail.com>
Date:   Sun Oct 28 16:22:44 2018 -0300

    Cygwin: Fix cygheap corruption caused by cloned atomic buffer
    
    The fhandler_base_overlapped::copyto clears atomic_write_buf on the
    clone, but none of the derived classes were doing this.  This allowed
    the destructor to double-free the buffer and corrupt cygheap.
    Clear atomic_write_buf in copyto of all derived classes.

Diff:
---
 winsup/cygwin/fhandler.h     | 2 ++
 winsup/cygwin/release/2.11.2 | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/winsup/cygwin/fhandler.h b/winsup/cygwin/fhandler.h
index 2cc99d7..9e63867 100644
--- a/winsup/cygwin/fhandler.h
+++ b/winsup/cygwin/fhandler.h
@@ -1216,6 +1216,7 @@ public:
   {
     x->pc.free_strings ();
     *reinterpret_cast<fhandler_pipe *> (x) = *this;
+    reinterpret_cast<fhandler_pipe *> (x)->atomic_write_buf = NULL;
     x->reset (this);
   }
 
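Review bot: In fhandler_pipe::copyto the added reset of atomic_write_buf has no comment, and it sits directly after the whole-object assignment `*reinterpret_cast<fhandler_pipe *> (x) = *this;` that copies the owning pointer in the first place. A one-line comment saying that the clone must not share the buffer, because the destructor frees it, would keep a later cleanup from dropping the line. Since the same reset now has to be repeated by hand in every copyto override, consider moving it into one shared helper in the base class so that a new derived class cannot reintroduce the double free.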
@@ -1256,6 +1257,7 @@ public:
   {
     x->pc.free_strings ();
     *reinterpret_cast<fhandler_fifo *> (x) = *this;
+    reinterpret_cast<fhandler_fifo *> (x)->atomic_write_buf = NULL;
     x->reset (this);
   }
 
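Review bot: The commit message says the reset is added to copyto of "all derived classes", but the patch touches only fhandler_pipe (previous hunk) and this fhandler_fifo::copyto. Please state in the message that these two are the only classes derived from fhandler_base_overlapped that override copyto, or list the others that were checked. As a style point, `reinterpret_cast<fhandler_fifo *> (x)` now appears twice within three lines; a local pointer would make the body easier to read.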
diff --git a/winsup/cygwin/release/2.11.2 b/winsup/cygwin/release/2.11.2
index c8d81d4..b9ccc5c 100644
--- a/winsup/cygwin/release/2.11.2
+++ b/winsup/cygwin/release/2.11.2
@@ -11,3 +11,6 @@ Bug Fixes
 
 - Return ESPIPE rather than EINVAL from lseek on a fifo.
   Addresses: https://cygwin.com/ml/cygwin/2018-10/msg00019.html
+
+- Fix a memory corruption when using pipes or FIFOs
+  Addresses: https://cygwin.com/ml/cygwin-patches/2018-q4/msg00000.html
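Review bot: The new release entry "Fix a memory corruption when using pipes or FIFOs" does not say what triggers the problem, so a user cannot tell whether they were affected. Suggest naming the condition given in the commit message: a double free of the atomic write buffer after a pipe or FIFO handler is cloned, which corrupts cygheap. The entry also lacks the terminating period that the entry above it has.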


